CVE-2007-6374
Published 2007-12-15
Priority P4 · 17 · medium · CVSS 2.0: 4.3
CVSS vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
EXPLOIT
EPSS: 2.21% (80.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error parameter to users/login.php is covered by CVE-2006-3103.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| bitweaver | bitweaver | <= 2.0.0 | — |
No detection rules found.
Exploit-DB
Bitweaver 1.x/2.0 - 'search/index.php' Cross-Site Scripting
exploitdb·2007-11-10
---
source: https://www.securityfocus.com/bid/26801/info
Bitweaver is prone to multiple input-validation vulnerabilities because the application fails to sufficiently sanitize user-supplied input. The issues include multiple cross-site scripting vulnerabilities, multiple HTML-injection vulnerabilities, and an SQL-injection vulnerability.
A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, or exploit vulnerabilities in the underlying database. Other attacks are also possible.
Bitweaver 2.0.0 and prior versions are vulnerable to these issues.
http://www.example.com/search/index.php/XSS
Exploit-DB
Bitweaver 1.x/2.0 - 'users/register.php' Cross-Site Scripting
exploitdb·2007-11-10
---
source: https://www.securityfocus.com/bid/26801/info
http://www.example.com/users/register.php/XSS
No writeups or analysis indexed.
http://osvdb.org/39129
http://osvdb.org/39130
http://secunia.com/advisories/28024
http://securityreason.com/securityalert/3428
http://www.hackerscenter.com/archive/view.asp?id=28129
http://www.securityfocus.com/archive/1/484805/100/0/threaded
http://www.securityfocus.com/bid/26801
http://www.vupen.com/english/advisories/2007/4168
https://exchange.xforce.ibmcloud.com/vulnerabilities/38942
2007-12-15
Published